Snow Leopard and Cisco VPNs

by Tom on November 30, 2009

One of the subtle but very useful additions to MacOS 10.6 (a.k.a. Snow Leopard) is the built-in ability to connect to Cisco Virtual Private Networks (VPN), which many organizations have adopted. In MacOS 10.5 and earlier, one had to download the Cisco VPN client, which doesn’t quite fit in to the ‘sleek mac app’ category to say the least. An alternative was to use a shareware called Shimo. With Snow Leopard, neither of these are needed: Cisco VPNs are supported by default.

To set a VPN connection up, simply go to the System Preferences, then Network, and click on the plus sign to add a new item. Select VPN, and for VPN Type select Cisco VPN. You can name the service whatever you want (you can have multiple VPNs) and click OK. The terminology in the settings is a bit different from the Cisco client, but it’s all there. Enter the host in Server Address and your username in Account Name. If you have a group name/password, click on Authentication Settings. The Shared Secret is the same as a group password and the Group Name is below.

Last but not least, tick Show VPN status in menu bar. You will now be able to connect to the VPN straight from the menu bar:


VPN menu screenshot

The only disadvantage of using the built-in VPN client is that for some reason it is not possible to save the password, which is unfortunate. If you are happy with the Snow Leopard setup, you should be able to uninstall the Cisco client using instructions provided here. If you don’t like having to type your password each time, but cannot stand the Cisco VPN client, you can consider trying out Shimo.

For a more detailed walkthrough including screenshots, see this page.

{ 3 comments… read them below or add one }

1 Juan Cabanela December 1, 2009 at 5:08 pm

Actually, the problem with the VPN not accessing the Keychained password properly is a glitch that can be remedied.

Check http://www.macosxhints.com/article.php?story=2009082703155512

In a nutshell, you need to add /usr/libexec/configd and add it to the IPSec XAuth keychain entry access control. Once that is done, you have VPN logins from the menubar without a password (A la Shimo).

Reply

2 Tom December 1, 2009 at 5:21 pm

I couldn’t get this to work on 10.6.1, and the preference panel actually says ‘server will prompt for password’ so at no point can you save the password to the keychain in the first place. Maybe this only works on 10.6.0? (which did allow the password to be saved, but just didn’t work).

Reply

3 M-MML December 4, 2009 at 1:19 am

We’ve been advised by IT that, while this is a lovely feature, it doesn’t yet work, at least not in our environment. My personal experience agrees with this: I can set up the connection OK, but it freezes up and doesn’t actually transmit data, while the old clunky Cisco app still works. Looking forward to 10.6.x where it actually works!

Reply

Leave a Comment

Previous post:

Next post: